ring3下让OD能找到NP进程
BOOL
WINAPI
OdEnumProcesses(
PULONG_PTRProcessId,
ULONG BufferSize,
PULONG Needed
)
{
BOOLEAN Enabled;
ULONG_PTR BufferCount, SizeNeeded;
PSYSTEM_HANDLE_INFORMATION_EX SystemHandles;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EXHandle;
POLLYDBG_EX_INFO Info = g_Info;
if (!Info->Modules.AdvEnumProcesses)
return Info->Modules.StubEnumProcesses(ProcessId, BufferSize, Needed);
BufferCount = BufferSize / sizeof(*ProcessId);
SystemHandles = QuerySystemHandles();
if (SystemHandles == NULL)
return FALSE;
MlHandleTable PidTable;
if (PidTable.Create() == NULL)
{
ReleaseSystemInformation(SystemHandles);
return FALSE;
}
SizeNeeded = 0;
Handle = SystemHandles->Handles;
for (ULONG_PTR HandleCount = SystemHandles->NumberOfHandles; HandleCount; ++Handle, --HandleCount)
{
HANDLE Process;
NTSTATUS st;
PROCESS_IMAGE_FILE_NAME2 ImageName;
WCHAR proc;
if (PidTable.Lookup(Handle->UniqueProcessId) != NULL)
continue;
PidTable.Insert(Handle->UniqueProcessId);
if (BufferCount != 0)
{
--BufferCount;
*ProcessId++ = Handle->UniqueProcessId;
}
SizeNeeded += sizeof(*ProcessId);
}
if (Needed != NULL)
*Needed = SizeNeeded;
ReleaseSystemInformation(SystemHandles);
return TRUE;
} 有没有E语言写的!!!
页:
[1]